Add Force All Users To Sign Out as a rails til

2026-01-07 00:58:02 +00:00 · 2020-05-10 09:12:52 -05:00
parent c903cca82e
commit e120f3a10b
2 changed files with 25 additions and 1 deletions
--- a/rails/force-all-users-to-sign-out.md
+++ b/rails/force-all-users-to-sign-out.md
@@ -0,0 +1,23 @@
+# Force All Users To Sign Out
+
+If you are using cookie-based authentication and you want to sign out all users
+(so that they have to re-authenticate), you need to invalidate all of the
+cookies.
+
+Because the cookies live in the client's browser, you cannot simply clear them
+like you would with session-based authentication. Instead, you need to replace
+the session token used to create all those cookies.
+
+First, get a new token:
+
+```bash
+$ bundle exec rake secret
+538696c1399ff182486e09980ba915d098b8fb23a3ace42c3eea0ab51b18fdff7895cd620f32b263d10d25c2fdba16647f4d8632e9032eccef7406e1ad9cba09
+```
+
+Then, replace the current `secret_key_base` value with that new secret token
+[wherever it is
+stored](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base)
+in the production environment.
+
+[source](https://stackoverflow.com/questions/35190591/rails-4-devise-how-to-log-out-all-users)